OpenOffice.org 3 Multiple Vulnerabilities

Secunia Advisory SA38568

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description

Some vulnerabilities have been reported in OpenOffice

Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to vuln@secunia.com

I found I did not need to install a Release Candidate to resolve this issue.

"Check for Updates" in OpenOffice release 3.1.1 OOO310m19 (build:9420) reported that OpenOffice 3.1 is up to date. It did not offer to install 3.2.

Clicking Secunia PSI's "Download Solution" button displayed a "Download OpenOffice.org 3.2.0" button. The button downloaded OpenOffice.org release 3.2.0 OOO320_m12 (build:9483). A Get Release Candidate button was also present but I did not use it.

Just to be clear , in the programme's "help" dropdown menu , the version shown in "about" as "OpenOffice.org release 3.2.0 OOO320_m12 (build:9483)" is shown in Secunia PSI "patched" tab as version 3.2.9476.500 - the detection rules (presumably) using version numbers found (mouse over , if you wish to check) on certain files in the OOo main folder. This was the same for 3.0. and 3.1 . The build N° is "usually" the guiding factor .

AFAIK this is the latest stable release (English language) as officially offered by OOo and not an RC .